Re: Temporarily setting DNS servers
Re: Temporarily setting DNS servers
- Subject: Re: Temporarily setting DNS servers
- From: Allan Nathanson <email@hidden>
- Date: Fri, 30 Apr 2004 10:09:04 -0400
On Apr 30, 2004, at 9:24 AM, Frederik Seiffert wrote:
Allan Nathanson wrote:
On Apr 23, 2004, at 1:43 PM, Frederik Seiffert wrote:
Quinn wrote:
At 10:59 +0200 23/4/04, Frederik Seiffert wrote:
I want to override DNS settings during the presence of a VPN
connection, i.e. setting new DNS servers (which are usually in the
remote network behind the VPN) when the connection is established
and setting them back to the old values when the connection is
disconnected.
You probably should be doing this using the SCF dynamic store. The
key you're looking for is:
State:/Network/Global/DNS
I already tried this but it didn't seem to work. I used scutil to
change the key like this:
$ sudo scutil
> open
> get State:/Network/Global/DNS
> d.show
<dictionary> {
ServerAddresses : <array> {
0 : 192.168.1.1
}
SearchDomains : <array> {
0 : localdomain.lan
}
}
> d.add SearchDomains * localdomain.lan anotherlocaldomain.lan
> set State:/Network/Global/DNS
> quit
However, after this, /etc/resolv.conf was still the same (unlike
when changing the Setup:/Network/Service/<current set>/DNS key) and
resolving a server from anotherlocalnetwork.lan didn't work. I also
tried sending a HUP to configd and lookupd, but no luck.
Anything else I need to do in order to get a changed setting active?
Thanks,
Frederik
The dictionary associated with the State:/Network/Global/DNS dynamic
store key contains what the DNS configuration HAS BEEN SET TO and is
not the way to change the configuration. What you really want to do
is have your VPN code create a set of
State:/Network/Service/<service-id>/{IPv4,DNS,...} keys which reflect
the configuration associated with the VPN link. If there are
matching "Setup:..." keys then you can have the order the VPN service
to the top of the list and the default route, DNS settings, and proxy
configuration will follow your link when it's active. If your VPN
service is not first in the service order then you can add an
OverridePrimary key to the State:/Network/Service/<service-id>/IPv4
dictionary which will promote your service to the top of the list.
Thanks Allan for this information, it got me quite a bit further.
I experimented with different settings using scutil and got it
working. I found that corresponding "Setup:" keys are not necessary.
What you need to have though, is a State:/Network/Service/.../DNS and
a State:/Network/Service/.../IPv4 entry (obviously with the same
service id). The IPv4 entry must contain the "OverridePrimary" key
(which must be a CFNumber, CFBoolean doesn't work!). Also, the IPv4
entry seems to need the keys "Router", "Addresses" and "SubnetMasks".
Otherwise the entry won't become primary.
So what I can do is to copy the IPv4 information from the primary
service and put it my own new IPv4 entry. But I would rather like to
leave the IP settings untouched and set the DNS settings only. Is
there any way to do this?
Not at present.
- Allan
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.